From 7cabc0bf2f7e3b3bf87f8f0247a7a2eae4ebfc7f Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Tue, 12 Mar 2019 14:41:22 +0100
Subject: Use cryptographically secure random_int() to generate password and
 increase length to 12 characters for 49^12 possibilities

---
 it_user.class | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/it_user.class b/it_user.class
index 68ff2b7..26046cf 100644
--- a/it_user.class
+++ b/it_user.class
@@ -329,14 +329,15 @@ function create_login_identifier()
 /*
  * Create a random password with given length.
  */
-function create_password($length = 8, $charset = 'abcdefghjkpqrstuvwxyz23456789ABCDEFGHJKPRSTUVWXYZ')
+function create_password($length = 12, $charset = 'abcdefghjkpqrstuvwxyz23456789ABCDEFGHJKPRSTUVWXYZ')
 {
 	$result = "";
 
-	mt_srand((double)microtime() * 1000000);
+	if (!function_exists($rand = 'random_int'))
+		$rand = 'mt_rand';
 
 	for ($i = 0; $i < $length; $i++)
-		$result .= substr($charset, mt_rand(0, strlen($charset) - 1), 1);
+		$result .= substr($charset, $rand(0, strlen($charset) - 1), 1);
 
 	return $result;
 }
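Review bot: The `function_exists` fallback silently selects `mt_rand` when `random_int` is unavailable, so on such a runtime passwords still come from a non-cryptographic generator whose output can be predicted, and nothing tells the operator that the guarantee in the commit subject does not hold. Whether this code can still run on an interpreter without `random_int` (or a polyfill for it) is not visible from the patch. If it can, failing closed is safer than degrading quietly: `if (!function_exists('random_int')) throw new Exception('create_password() requires random_int()');`, with the loop calling `random_int(0, strlen($charset) - 1)` directly. The comment above the function could also state that the result is only as strong as `$length` and `$charset` allow, since callers can still pass a shorter length or a smaller charset than the new defaults.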
-- 
cgit v1.2.3